Data privacy: Ohio ponders
Commission's docket reflects disparate views
We've documented both the divided and the devoted approaches to consumer data privacy in this space and we've noted the myriad reasons various ratepayers have given for rejecting smart meters.
In looking at the Public Utilities Commission of Ohio (PUCO) docket on consumer privacy, data access and cyber security, a pattern emerged that I think could be instructive to the industry.
The first three entries in the docket are by the PUCO itself, one of them giving the questions considered by the docket:
- Should the Commission consider developing additional, specific privacy protection or data access policies?
- If so, what issues should be considered?
- For advanced metering and smart grid programs, what privacy interests, concerns and practices are most important to address?
Ann Cavoukian, the privacy commissioner for Ontario, was first to comment. (See our interviews with her, "Data Privacy Issues," and "Data Privacy Issues, Part II." ) Cavoukian recommends "baking in" privacy from the get-go, embedding it into the technology, the processes and people involved.
Dayton Power & Light, which had withdrawn its application to rollout advanced metering infrastructure in January (it did not win a stimulus-based implementation grant), wrote that "the process of developing policies, procedures and rule surrounding protection of customer specific information in connection with these new technologies, should be allowed to develop slowly in order to take into account lessons learned in this rapidly changing environment. Since the technology is not firmly in place and deployed yet, the development of rules surrounding privacy concerns should be fluid in nature, and a 'go-slow' approach is recommended."
In contrast, Duke Energy provided nearly three dozen bulleted items in recommending a comprehensive set of data privacy policies for statewide implementation. As to its sense of urgency, Duke wrote that "because many Ohio utilities have begun modernizing their distribution systems and deploying advanced metering infrastructure, it is appropriate to consider and begin to develop privacy protection and/or data access policies."
The Ohio Hospital Association, while agreeing with Dayton Power & Light that AMI was in its "early stages," reached the opposite conclusion, commenting that "the difficulty that this subject poses for the Commission and the public at large is the fact that it is not yet clear how expansive the information to be collected through AMI technology will become in the next few years." Therefore, "OHA urges the Commission to begin a thoughtful and thorough consideration of the rules that should govern AMI information while the advancement of that technology is still in its early stages."
The City of Westerville commented that after embarking on a metering program, it restricted that program to businesses and commercial/industrial interests that could use the meters to better control their electricity use. Residents could opt-in, if they lived close enough to participating businesses. (Presumably the city used a mesh network for data backhaul.) The city offered to advise the Commission on why it didn't proceed with residential meters, but left those reasons unstated.
Another dozen parties weighed in. One citizen helpfully provided a suggested "NOTICE OF NO CONSENT TO TRESPASS AND SURVEILLANCE, NOTICE OF LIABILITY," which had a homespun preamble in legalese followed by a nine-point list of objections and a summation—just in case the reader did not get the point. This citizen did not have a new smart meter on his Christmas wish list. No other citizens submitted comments to the docket.
My point? The public is not asking for meters. Many have (vociferous) reservations about the privacy aspects. Utilities are divided on the issue, perhaps a function of their understanding of how closely privacy concerns or breaches might affect their bottom line.
Personally, I'm in favor of meters that provide precise measures of my electricity use so that my frugality will be reflected in my bill. Being aware of the constraints we've placed on electric utilities to serve our needs, I think they're justified in deploying meters so they can operate efficiently. (Though I think those efficiencies should preclude my paying for the meter.)
But it seems clear that, despite the seeming inevitability to a nationwide deployment of smart meters, backlash has only just begun. If the industry cannot convince the citizen/voter/taxpayer/ratepayer that their privacy concerns are being vigorously addressed, what do you suppose the reaction will be when a major breach occurs? What do you envision will be the reception for dynamic pricing? Home area networks?
Intelligent Utility Daily